When Kim Dotcom's “Mega” site launched January 20, 2013—one year to the day after the FBI shut down his Megaupload file locker on accusations of copyright infringement and wire fraud—the ostentatious file-sharing guru promised 50GB of free, encrypted storage to users. In a pre-launch interview, Dotcom told Ars, “This startup is probably the most scrutinized by lawyers in the history of tech startups.” Hopefully that scrutiny will hold up, because Mega-search is revealing a few things copyright holders may not be too happy with.

This new site, Mega-search.me, offers users a way to post links to files with the decryption key in the URL. Clicking on the link takes you to Mega, where users can download the file to their computers or Mega accounts. The third-party service can't automatically index links from Mega but instead relies entirely on users to crowdsource their goods. (Hat tip to Ars reader ghub005 for the heads-up.)

According to a quick WHOIS search, the domain was made at 11pm UTC on January 20, the same day Mega launched. The admin and registrant are listed as being located in Denver, CO, but the site's Facebook page is written exclusively in French. The .me top level domain is the Internet country code for Montenegro. The website owners did not immediately respond to a request for comment.

When you arrive on Mega-search.me, you're presented a list of files that have been added to the board by their owners. Scrolling down reveals a continuously refreshing page that shows more links below. A big box at the top lets you search for files, and a drop-down bar at the side lets you filter for videos, music, disc files, archives, and the like. Users anonymously vote files up and down, and the number of hits each file has appears in a column to the right of the file name.

To submit a link, users supply the Mega link, a file name with its extension, and the size of the file. (Mega-search's Facebook page says these last two fields will soon not be necessary to fill out.)

Clearly, not all of this content is infringement (there are plenty of links to personal files and public domain items, Italian-language Agatha Christie books for example). But a quick glance at the front page reveals many files that probably are. Files named “Weeds,” “Sherlock Holmes: A Game of Shadows,” and “Skrillex” are probably not kosher. But some of these links, when clicked, reveal a notice saying, “this file is no longer available.” (In the time it took to write this piece, a large number of links went from leading to a file to being "not found.") Dotcom's Mega is quite explicit in the “Terms of Service” that users may not “infringe anyone else's intellectual property (including but not limited to copyright) or other rights in any material.” Mega-search.me does, in fact, have a prominent button in the top right-hand corner linking to Mega's “notice of alleged infringement,” which permits users to submit a notice for takedown.

“We reserve the right to remove data alleged to be infringing without prior notice, at our sole discretion, and without liability to you.” Mega's site writes. “In appropriate circumstances, we will also terminate your account if you are determined to be a repeat infringer.” In theory, Mega's encryption involves a decryption key the site administrators do not have access to, so it would be rather difficult to verify alleged infringement. But if you're offering a link to your content with the decryption key in the URL, you're more easily found out. Users linking infringing files publicly are still purportedly small—Kim Dotcom tweeted this evening that “#Mega is now hosting almost 50 million files. Only 0.001% have been taken down by content owners. MASSIVE non-infringing use!”

When Mega launched, Dotcom compared his new site to other cloud storage services like Google Drive and Dropbox, saying his is different in that it offers free encryption and replicates a user's files across many servers, ideally in many countries. So if one overzealous law enforcement agency takes a server down, there's a greater chance that user files won't be lost.

Third-party sites that index otherwise law-abiding file lockers have occasionally caused problems for the host company. RapidShare, for example, was hounded by copyright holders (including adult entertainment site Perfect 10) for hosting copyrighted material. But in 2010 a German court found that because RapidShare does not allow users to search for publicly available content, it was not liable for how users controlled their access to the site. As Ars' Nate Anderson reported, the court ruled “RapidShare cannot be held responsible for actions of third parties, since it [RapidShare] forces people to choose how their content should be distributed rather than making it automatically available to the public.” (Luckily, one of Mega's main hosting operators is a subsidiary of Cogent, a company based in Germany.)

RapidShare later won a victory in a California-based court against Perfect 10, when a judge ruled the entertainment company could not prove that RapidShare induced users to download Perfect 10's content.

Considering the limelight shining on Kim Dotcom after Megaupload's takedown, it's unclear whether Mega will continue in the wake of RapidShare's victories. But according to Dotcom, the Mega business plan was vetted by more than 20 lawyers in the US and New Zealand, so copyright holders looking to gain an edge may have a difficult time taking down this new venture.

Promoted Comments

The vast majority of the files have already been removed either by the user or via Mega themselves that are indexed on that site. Since the files are directly linked with your public key, this doesn't seem like the best of ideas to begin with to maintain anonymity, but for random text files and e-books, those seem to not be taken down (at least so far). Might have some people from various companies monitoring that for copyright violations or Mega themselves monitoring it and pulling questionable files.

46 Reader Comments

I love it how Rihanna.pdf has gotten one thumb down. I wonder what was going through the tiny head of the poor SOB who downloaded it and was disappointed it was just a document requiring additional software to read...

On topic, there's no way to prevent users from swapping files, copyrighted or not, so what's the big deal?

The vast majority of the files have already been removed either by the user or via Mega themselves that are indexed on that site. Since the files are directly linked with your public key, this doesn't seem like the best of ideas to begin with to maintain anonymity, but for random text files and e-books, those seem to not be taken down (at least so far). Might have some people from various companies monitoring that for copyright violations or Mega themselves monitoring it and pulling questionable files.

If you believe that Mega really wants people to mis-use it to host DMCA worthy files (I'm not saying they are... but I do have my suspicions based on the Mega Upload past) then they should add in a randomized salt so that there were an infinite number of URLs for each file... then the search site could be given one URL but give out an infinity of them... it woukld make take downs harder than wack a mole... just sayin... (on the off chance that KDC reads Ars :-)

Yes, because advocating illegal activity on a public website is totally a good idea.

I'm really kind of sad that the RIAA/MPAA don't periodically go and just look for people who talk about how awesome piracy is and destroy them. It would get rid of all the idiots who constantly refer to the MAFIAA if nothing else.

Hey, I'm not advocating either way... I do have friends that have made liberal use of illegal downloads in their past... I have explained to them the ills of the Russia Mafia (thinking back to allofmp3) etc... but I can't make their decisions for them.

What I can tell you, with absolute certainty, is that "information wants to be free"... and it will find a way to be shared, whether legally or illegally... Don't believe that... then you better not look at the ongoing failures of DRM (CSS, AACS, ebook DRM, PS3 hard coded randomizer... these are but a few of a long list...)

I like technology... and I like to theorize about how to use AND abuse it... You never know what good things come from people thinking about using technology in a new way... You may have heard of people that hack their cars' computers to make them operate for what they view as better performance?? I think those kind of people are crazy polluters... but I'd rather be on their side, than the side that tried to tell me I couldn't put my legally purchased CD's into my Rio PMP (yes, I still have it here somewhere... loaded with music from 1999 that I probably downloaded from Napster (before I learned how to make my own MP3s of my own CDs))

Information doesn't want anything. People want things for free, which is why Greece is such a mess - people gave the Greeks stuff for free, and look what happened.

Thanks, Obama!

It's amazing how he manages to put so many errors into a post so short. He is technically correct in stating that information doesn't want anything. Wanting is, strictly speaking, an action limited to certain living beings. That said, there is a tendency, that, if possible, information will be proliferated. The tendency is about on par with the tendency for water on Earth to move from higher ground to lower ground. So, information wants to be free about as much as water wants to run downhill. He also manages to conflate libre with gratis, and throw in some pointless political statement.

As for why the RIAA and MPAA don't go around 'destroying' people who advocate copyright infringement, it may have to do with the fact that they aren't yet 100% above the law, so suing, assaulting, or whatever insanity TD had in mind is would be highly illegal. They did manage to curb free speech a great deal with the DMCA (and have silenced a couple of academic papers on certain security matters), but luckily, the scope of that provision only extends to circumventing DRM, not better hiding one's tracks. That would be a difficult thing to outlaw, given that somewhat similar techniques to the one mentioned are used by legitimate vendors like Amazon in tracking customers, with one of the potential uses being that the can identify infringers. I believe a porn lawsuit made use of the same kind of thing. There's also a significant business presence that relies upon encryption and may have a significant amount of uses for such tech.

The vast majority of the files have already been removed either by the user or via Mega themselves that are indexed on that site. Since the files are directly linked with your public key, this doesn't seem like the best of ideas to begin with to maintain anonymity, but for random text files and e-books, those seem to not be taken down (at least so far). Might have some people from various companies monitoring that for copyright violations or Mega themselves monitoring it and pulling questionable files.

Unless the link ( which is the public key ) is posted on the internet and Mega happens to have used a web crawler on that exact website, they have no way of knowing the filename, because of the fact every file is encrypted.

You can host all the illegal content you want, share it with only a select few people, and unless they share the file not a single person ( outside of that group ) would know about it. There is no security risk of sharing the public key ( i.e. to figure out your password ) provided the method of creating that key was correct. There are pleanty of ways to protect your anonymity and to use Mega.

I might advise not to feed the troll. Of all my years here TD is the only person I've ever foe'd as not only is he inflammatory and generally wrong, but I was getting tired of seeing so many collapsed posts. If you respond to him then I and others that have foe'd him are forced to see his gibberish.

Yes, because advocating illegal activity on a public website is totally a good idea.

I'm really kind of sad that the RIAA/MPAA don't periodically go and just look for people who talk about how awesome piracy is and destroy them. It would get rid of all the idiots who constantly refer to the MAFIAA if nothing else.

I suppose there's little value in pointing out that there's no difference between a DMCA-worthy file and someone's legally authorized personal copy uploaded to a cloud server until you can prove it is being downloaded by people other than the owner. You're aware of this and I imagine it's something you would prefer not be mentioned with frequency.

Ultimately that's the beauty of Mega's set up (from the perspective of enabling infringement). Unless you're an idiot and you go posting your files to external indexes, nobody can verify there's anyone else in your data except the Mega folks, and they're not authorized to track that data so it literally has to be a "caught red-handed" situation. I don't feel like I need to explain the likelihood of that.

While I tend to avoid engaging in illegal activities, nobody's perfect. I jaywalk now and then and I've gone right on red when it was technically prohibited. I've littered, been publicly intoxicated, and if you listen to some people I'm a murderer. In the process of becoming a murderer, I engaged in a bunch of other violent crimes (that for some reason nobody bothers mentioning) including B&E, assault and battery, destruction of property, larceny, (vehicular) manslaughter, and so forth. Luckily for me what I did wasn't illegal where and when I did it. The point being that what is criminal for one person in one place at one time isn't necessarily so if you change even one of those variables.

I'm not encouraging anyone to break the law. Nor do I condone it. I'm just pointing out that there are times and places where it becomes not only trivial to do but actually ceases to be a violation of the law.

For me the issue is not getting something for nothing it is getting something to use the way I want to. having to keep upwith dvd's for a game makes me want to download no cd patches. wanting to put my dvd on my media center PC makes we want to rip my dvd (or download it from somewhere). Tired of replacing "strawberry Shortcake because my 2 yr old grand daughter scratched it in the ca's dvd palyer makes me want to make a backup copy for her to use. Am I trying to steal, I don't think so and can live with my decision when shaving in the morning. Am I a criminal pirate, well some would say so especially fire breathing metallic mythical creatures.

Unless the link ( which is the public key ) is posted on the internet and Mega happens to have used a web crawler on that exact website, they have no way of knowing the filename, because of the fact every file is encrypted.

Exactly. Some people have made a big deal out of how Mega's encryption protects the uploader's files but the only one that the encryption is supposed to protect is Mega itself. As long as Mega can make a viable claim that they don't know what users upload they stay in the clear.

This might be a horrible analogy, but all this file-sharing reminds me of the gold smiths of old (ie: rothchilds, et.al.) Someone spends the time/money to dig up & process the tangible gold (make the copyrighted material), then everyone else wants to make a small profit just passing the shit around (share it on their site to draw in folks, and they get ad revenue on the side).

And Mega was supposed to be securely encrypted. It would be impossible for a third-party site to index their files if they were secure. Here comes the next prosecution...

If I understand the article correctly, third-party folks using Mega are willingly going to this other site, posting links to the files they have there, and provide the encryption key to get to it. So, it's not really a problem with Mega's encryption, and this site isn't scraping Mega to index it. Folks are manually indexing it by manually entering in what files they have stored at Mega. Mega's complaint would be that this is against their TOC's, so they'll need to shut down some accounts soon if they want to seem credible.

Unless the link ( which is the public key ) is posted on the internet and Mega happens to have used a web crawler on that exact website, they have no way of knowing the filename, because of the fact every file is encrypted.

Exactly. Some people have made a big deal out of how Mega's encryption protects the uploader's files but the only one that the encryption is supposed to protect is Mega itself. As long as Mega can make a viable claim that they don't know what users upload they stay in the clear.

It's also worth noting that posted links don't contain a "public key." The files on the Mega service are encrypted with AES-128 symmetric encryption, so the links that let you download unencrypted content include the object's individual AES-128 key (which, according to the docs, also decrypts child objects--so a link to a directory would grant access to all the directory's files and subdirectories).

Mega does use asymmetric cryptography and public and private keys, but only for communication between Mega users. Files don't use it, and links with embedded keys don't use it.

Information doesn't want anything. People want things for free, which is why Greece is such a mess - people gave the Greeks stuff for free, and look what happened.

Thanks, Obama!

It's amazing how he manages to put so many errors into a post so short.

In addition to all the tech stuff being wrong, TD is also wrong about Greece. Greece was in a recession because of the global financial crisis and banks melting down, and made repeated rounds of heavy austerity, each next one compounding the problem as people lost work, and therefore their wages, and therefore were spending less, worsening the economy. Nobody got anything "for free" and while TD may on a pedantic level may have a point about the "wants of information" TD is factually incorrect about Greece.

The vast majority of the files have already been removed either by the user or via Mega themselves that are indexed on that site. Since the files are directly linked with your public key, this doesn't seem like the best of ideas to begin with to maintain anonymity, but for random text files and e-books, those seem to not be taken down (at least so far). Might have some people from various companies monitoring that for copyright violations or Mega themselves monitoring it and pulling questionable files.

Thats because it hasnt been fully exploited yet. Once there is multiple sites indexing, multiple links for each file and multiple users uploading to the same mega account, all will be the same as before.

Information doesn't want anything. People want things for free, which is why Greece is such a mess - people gave the Greeks stuff for free, and look what happened.

Thanks, Obama!

It's amazing how he manages to put so many errors into a post so short.

In addition to all the tech stuff being wrong, TD is also wrong about Greece. Greece was in a recession because of the global financial crisis and banks melting down, and made repeated rounds of heavy austerity, each next one compounding the problem as people lost work, and therefore their wages, and therefore were spending less, worsening the economy. Nobody got anything "for free" and while TD may on a pedantic level may have a point about the "wants of information" TD is factually incorrect about Greece.

Its pretty safe to say TD is wrong about pretty much everything he posts. He is a troll of the worst kind who will always post an opinion contrary to what most people believe, just so he can get a rise out of them. Best thing to do is just click on that icon of an eye with a slash through it on one of his posts, and you will never have to see his drivel again

Very simply; I have a legal right to a back-up copy and using cloud storage is a way to back-up my files, some of which maybe copyrighted. Although not the technical ideal for back-up, but very useful when traveling. Others have a legal right to store their copyrighted files and allow downloads for profit. I think there is plenty of evidence cloud storage can serve a majority of files for legal purposes.

Sadly, unless those Christie's Italian translations are very very old (I would say unlikely, given how much more common is to find recent books in digitalised form), or made by the user him/herself, there is a good chance that they would be infringing someone copyright.

They got Demonoid & they got mega upload, but like the phoenix file sharing is rising from the ashes. With all the lessons learned from the last battle, Mega comes back better than ever. With a renewed sense of "fuck you" to the RIAA & MPAA.

Did Titanium Dragon really say "I'm really kind of sad that the RIAA/MPAA don't periodically go and just look for people who talk about how awesome piracy is and destroy them. It would get rid of all the idiots who constantly refer to the MAFIAA if nothing else."??

WTF? You are a dangerous human being. So you now believe people shouldn't even have the freedom to discuss? You think it's okay that the government "destroy" average, hard-working people because they TALK ABOUT piracy??

You're insane,clear and simple. And everybody int this forum knows you by now and can agree. If you're really an American, you represent everything wrong with America. People like you truly threaten everybody's freedom.

We (at MAFIAAFire) have taught so many people how to use uTorrent that if I had a $/£/Euro from each one of them I would be bloody rich.

While I guess _now_ quite a few of them would be using that gained knowledge to download copyrighted files,I won't lose any sleep over it, but in the beginning nearly all of them just wanted a way to share large files with family on the other side of the world...and others were just curious.

The situation the MAFIAA find themselves in right now, like a lot of other situations they have found themselves in is self made, we (at MAFIAAFire) have absolutely no pity for the scummies.

Mega and services like it are just solving a legit problem, filesharing is never going away because its in our nature to share and while some will use nearly any technology advancement for "unlawful" purposes most others dont.

It's unfortunate we dont have any real numbers as to how many people actually use sites like Mega to share HD video from their shiny new cellphones and camcorders or the more "hip" folks with DSLRs (in Auto/green mode of course ), the reason we dont have that data is because we just get the inflated numbers from the industry fighting the tide coming in.

Stopping file sharing is as absurd as stopping people from recording their kids and family and wanting to share that with others.

Did Titanium Dragon really say "I'm really kind of sad that the RIAA/MPAA don't periodically go and just look for people who talk about how awesome piracy is and destroy them. It would get rid of all the idiots who constantly refer to the MAFIAA if nothing else."??

Yep, he did. Trolls get desperate when most of their bait does not get a bite and thus they up the ridiculous ante.For example he really thinks they are powerful enough to actually destroy people who mock them, which is hardly the case or we at MAFIAAFire wouldn't exist... since we bitch slapped them a few times.

#1 rule when dealing with a troll...

utopia wrote:

You're insane,clear and simple. And everybody int this forum knows you by now and can agree. If you're really an American...

Why "American"? You can replace "American" with "human" and your point is still strong.

Yes, because advocating illegal activity on a public website is totally a good idea.

I'm really kind of sad that the RIAA/MPAA don't periodically go and just look for people who talk about how awesome piracy is and destroy them. It would get rid of all the idiots who constantly refer to the MAFIAA if nothing else.

Hey, I'm not advocating either way... I do have friends that have made liberal use of illegal downloads in their past... I have explained to them the ills of the Russia Mafia (thinking back to allofmp3) etc... but I can't make their decisions for them.

What I can tell you, with absolute certainty, is that "information wants to be free"... and it will find a way to be shared, whether legally or illegally... Don't believe that... then you better not look at the ongoing failures of DRM (CSS, AACS, ebook DRM, PS3 hard coded randomizer... these are but a few of a long list...)

I like technology... and I like to theorize about how to use AND abuse it... You never know what good things come from people thinking about using technology in a new way... You may have heard of people that hack their cars' computers to make them operate for what they view as better performance?? I think those kind of people are crazy polluters... but I'd rather be on their side, than the side that tried to tell me I couldn't put my legally purchased CD's into my Rio PMP (yes, I still have it here somewhere... loaded with music from 1999 that I probably downloaded from Napster (before I learned how to make my own MP3s of my own CDs))

Also, don't forget that there are countries where downloading stuff from an illegal source for personal use is completely legal. This is the case in The Netherlands for instance.

Uploading copyright protected files is still illegal (for instance torrents), but downloading them via this indexing site isn't. So even if that site is 100% files protected by copyright, the site can still be used legally by a lot of people.

So, technically it isn't piracy when I download something protected from MEGA, but since the MPAA/RIAA insist on calling it that, I say: PIRACY IS AWESOME.

Besides that, I feel the content industry in the USA is more like organized crime than MegaUpload was. Since they felt they were perfectly justified in destroying that business without any due process for their own gain, I can't see any moral wrong in destroying their business without any due process for my gain either.

Due to a script developed by Mega to delete all files indexed Mega-search, the engine is temporarily unavailable. A solution to overcome this problem will be made shortly.

ardent wrote:

I suppose there's little value in pointing out that there's no difference between a DMCA-worthy file and someone's legally authorized personal copy uploaded to a cloud server until you can prove it is being downloaded by people other than the owner. You're aware of this and I imagine it's something you would prefer not be mentioned with frequency.

While this is true in many cases, there are a very large number of cases where it is not. For example movie screeners, cams and telesyncs are very popular for the illegal sharing of movies. Yet the general public has no means of acquiring legally authorized personal copies. And if there is a release group advertised on the first few frames, we also know this can't be a legally authorized copy.

I suppose there's little value in pointing out that there's no difference between a DMCA-worthy file and someone's legally authorized personal copy uploaded to a cloud server until you can prove it is being downloaded by people other than the owner. You're aware of this and I imagine it's something you would prefer not be mentioned with frequency.

While this is true in many cases, there are a very large number of cases where it is not. For example movie screeners, cams and telesyncs are very popular for the illegal sharing of movies. Yet the general public has no means of acquiring legally authorized personal copies. And if there is a release group advertised on the first few frames, we also know this can't be a legally authorized copy.

What you say about movies from release groups may not be true. If you own the DVD or Blu-Ray you have a license. Where you then get the electronic copy doesn't matter in most countries.